Cb Defense (formerly Confer) - All
This document provides information on how to collect logs to troubleshoot Splunk SIEM Connector issues.
Splunk SIEM Connector Troubleshooting
Support does not typically request this from the customer, but if a System Admin can make this change and provide the logs, it will facilitate faster troubleshooting.
Linux SIEM Connector:
In confer_connector.py, change
DEBUG_MODE = False
to
DEBUG_MODE = True
SPLUNK_HOME environment variable is normally set by default to:
The log files are located in:
Confer Connector log file: $SPLUNK_HOME/var/log/splunk/confer_connector.log
Cb Defense Add-On for Splunk log file: $SPLUNK_HOME/var/log/splunk/ta-cb_defense_cbdefense_XXXX.log, ta-cb_defense_cbdefense_XXXX.log.1, ta-cb_defense_cbdefense_XXXX.log.2, etc.
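The Linux steps above, gathered into one archive to hand to support, as an added example that is not part of the original article or of Carbon Black's tooling. It assumes the XXXX in the add-on log name can be matched with a wildcard and that the caller supplies the path to confer_connector.py; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): collect the connector logs named in this
# article into one archive. Function names are hypothetical.

# Succeeds only if DEBUG_MODE is set to True in the given confer_connector.py.
debug_mode_enabled() {
    grep -Eq '^[[:space:]]*DEBUG_MODE[[:space:]]*=[[:space:]]*True' "$1"
}

# Print the base names of the connector and add-on logs (including rotated
# .1, .2, ... copies) that exist under <splunk_home>/var/log/splunk.
# Assumption: "XXXX" in the article is a placeholder, matched here with "*".
list_cb_logs() {
    log_dir="$1/var/log/splunk"
    for f in "$log_dir"/confer_connector.log \
             "$log_dir"/ta-cb_defense_cbdefense_*.log \
             "$log_dir"/ta-cb_defense_cbdefense_*.log.[0-9]*; do
        if [ -f "$f" ]; then basename "$f"; fi
    done
}

# Archive those logs into <out> (gzip tar) and print how many were added.
# Returns 1 when no connector logs exist, so an empty bundle is never sent.
collect_cb_logs() {
    splunk_home="$1"
    out="$2"
    log_dir="$splunk_home/var/log/splunk"
    names=$(list_cb_logs "$splunk_home")
    if [ -z "$names" ]; then
        echo "no connector logs found in $log_dir" >&2
        return 1
    fi
    # The log names contain no whitespace, so splitting $names is safe.
    # shellcheck disable=SC2086
    tar -czf "$out" -C "$log_dir" $names || return 1
    # Keep the bundle readable by its owner only until it is handed over.
    chmod 600 "$out"
    printf '%s\n' "$names" | wc -l | tr -d ' '
}

# Usage (paths are examples):
#   debug_mode_enabled /path/to/confer_connector.py || echo "DEBUG_MODE is off"
#   collect_cb_logs "$SPLUNK_HOME" /tmp/cb_connector_logs.tgz
```

Only the two log families listed above are archived; other files in the Splunk log directory are left out of the bundle.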
Windows SIEM Connector:
The Log Level is set to Info by default. On the connector script that you downloaded, modify the log level.
Modify LOG_LEVEL=Info to LOG_LEVEL=Verbose to obtain more verbose connector logs.